search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Staging: add rt3090 wireless driver
[linux-2.6/kvm.git] / drivers / staging / rt3090 / common / cmm_sanity.c
blobde631c38a44e46c61926b3955c6cce06b4e68304
1 /*
2 *************************************************************************
3 * Ralink Tech Inc.
4 * 5F., No.36, Taiyuan St., Jhubei City,
5 * Hsinchu County 302,
6 * Taiwan, R.O.C.
7 *
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
9 *
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
14 * *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
19 * *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
24 * *
25 *************************************************************************
26
27 Module Name:
28 sanity.c
29
30 Abstract:
31
32 Revision History:
33 Who When What
34 -------- ---------- ----------------------------------------------
35 John Chang 2004-09-01 add WMM support
36 */
37
38 #include "../rt_config.h"
39
40
41 extern UCHAR CISCO_OUI[];
42
43 extern UCHAR WPA_OUI[];
44 extern UCHAR RSN_OUI[];
45 extern UCHAR WME_INFO_ELEM[];
46 extern UCHAR WME_PARM_ELEM[];
47 extern UCHAR Ccx2QosInfo[];
48 extern UCHAR RALINK_OUI[];
49 extern UCHAR BROADCOM_OUI[];
50 extern UCHAR WPS_OUI[];
51
52 /*
53 ==========================================================================
54 Description:
55 MLME message sanity check
56 Return:
57 TRUE if all parameters are OK, FALSE otherwise
58
59 IRQL = DISPATCH_LEVEL
60
61 ==========================================================================
62 */
63 BOOLEAN MlmeAddBAReqSanity(
64 IN PRTMP_ADAPTER pAd,
65 IN VOID *Msg,
66 IN ULONG MsgLen,
67 OUT PUCHAR pAddr2)
68 {
69 PMLME_ADDBA_REQ_STRUCT pInfo;
70
71 pInfo = (MLME_ADDBA_REQ_STRUCT *)Msg;
72
73 if ((MsgLen != sizeof(MLME_ADDBA_REQ_STRUCT)))
74 {
75 DBGPRINT(RT_DEBUG_TRACE, ("MlmeAddBAReqSanity fail - message lenght not correct.\n"));
76 return FALSE;
77 }
78
79 if ((pInfo->Wcid >= MAX_LEN_OF_MAC_TABLE))
80 {
81 DBGPRINT(RT_DEBUG_TRACE, ("MlmeAddBAReqSanity fail - The peer Mac is not associated yet.\n"));
82 return FALSE;
83 }
84
85 /*
86 if ((pInfo->BaBufSize > MAX_RX_REORDERBUF) || (pInfo->BaBufSize < 2))
87 {
88 DBGPRINT(RT_DEBUG_TRACE, ("MlmeAddBAReqSanity fail - Rx Reordering buffer too big or too small\n"));
89 return FALSE;
90 }
91 */
92
93 if ((pInfo->pAddr[0]&0x01) == 0x01)
94 {
95 DBGPRINT(RT_DEBUG_TRACE, ("MlmeAddBAReqSanity fail - broadcast address not support BA\n"));
96 return FALSE;
97 }
98
99 return TRUE;
100 }
101
102 /*
103 ==========================================================================
104 Description:
105 MLME message sanity check
106 Return:
107 TRUE if all parameters are OK, FALSE otherwise
108
109 IRQL = DISPATCH_LEVEL
110
111 ==========================================================================
112 */
113 BOOLEAN MlmeDelBAReqSanity(
114 IN PRTMP_ADAPTER pAd,
115 IN VOID *Msg,
116 IN ULONG MsgLen)
117 {
118 MLME_DELBA_REQ_STRUCT *pInfo;
119 pInfo = (MLME_DELBA_REQ_STRUCT *)Msg;
120
121 if ((MsgLen != sizeof(MLME_DELBA_REQ_STRUCT)))
122 {
123 DBGPRINT(RT_DEBUG_ERROR, ("MlmeDelBAReqSanity fail - message lenght not correct.\n"));
124 return FALSE;
125 }
126
127 if ((pInfo->Wcid >= MAX_LEN_OF_MAC_TABLE))
128 {
129 DBGPRINT(RT_DEBUG_ERROR, ("MlmeDelBAReqSanity fail - The peer Mac is not associated yet.\n"));
130 return FALSE;
131 }
132
133 if ((pInfo->TID & 0xf0))
134 {
135 DBGPRINT(RT_DEBUG_ERROR, ("MlmeDelBAReqSanity fail - The peer TID is incorrect.\n"));
136 return FALSE;
137 }
138
139 if (NdisEqualMemory(pAd->MacTab.Content[pInfo->Wcid].Addr, pInfo->Addr, MAC_ADDR_LEN) == 0)
140 {
141 DBGPRINT(RT_DEBUG_ERROR, ("MlmeDelBAReqSanity fail - the peer addr dosen't exist.\n"));
142 return FALSE;
143 }
144
145 return TRUE;
146 }
147
148 BOOLEAN PeerAddBAReqActionSanity(
149 IN PRTMP_ADAPTER pAd,
150 IN VOID *pMsg,
151 IN ULONG MsgLen,
152 OUT PUCHAR pAddr2)
153 {
154 PFRAME_802_11 pFrame = (PFRAME_802_11)pMsg;
155 PFRAME_ADDBA_REQ pAddFrame;
156 pAddFrame = (PFRAME_ADDBA_REQ)(pMsg);
157 if (MsgLen < (sizeof(FRAME_ADDBA_REQ)))
158 {
159 DBGPRINT(RT_DEBUG_ERROR,("PeerAddBAReqActionSanity: ADDBA Request frame length size = %ld incorrect\n", MsgLen));
160 return FALSE;
161 }
162 // we support immediate BA.
163 #ifdef UNALIGNMENT_SUPPORT
164 {
165 BA_PARM tmpBaParm;
166
167 NdisMoveMemory((PUCHAR)(&tmpBaParm), (PUCHAR)(&pAddFrame->BaParm), sizeof(BA_PARM));
168 *(USHORT *)(&tmpBaParm) = cpu2le16(*(USHORT *)(&tmpBaParm));
169 NdisMoveMemory((PUCHAR)(&pAddFrame->BaParm), (PUCHAR)(&tmpBaParm), sizeof(BA_PARM));
170 }
171 #else
172 *(USHORT *)(&pAddFrame->BaParm) = cpu2le16(*(USHORT *)(&pAddFrame->BaParm));
173 #endif
174 pAddFrame->TimeOutValue = cpu2le16(pAddFrame->TimeOutValue);
175 pAddFrame->BaStartSeq.word = cpu2le16(pAddFrame->BaStartSeq.word);
176
177 if (pAddFrame->BaParm.BAPolicy != IMMED_BA)
178 {
179 DBGPRINT(RT_DEBUG_ERROR,("PeerAddBAReqActionSanity: ADDBA Request Ba Policy[%d] not support\n", pAddFrame->BaParm.BAPolicy));
180 DBGPRINT(RT_DEBUG_ERROR,("ADDBA Request. tid=%x, Bufsize=%x, AMSDUSupported=%x \n", pAddFrame->BaParm.TID, pAddFrame->BaParm.BufSize, pAddFrame->BaParm.AMSDUSupported));
181 return FALSE;
182 }
183
184 // we support immediate BA.
185 if (pAddFrame->BaParm.TID &0xfff0)
186 {
187 DBGPRINT(RT_DEBUG_ERROR,("PeerAddBAReqActionSanity: ADDBA Request incorrect TID = %d\n", pAddFrame->BaParm.TID));
188 return FALSE;
189 }
190 COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
191 return TRUE;
192 }
193
194 BOOLEAN PeerAddBARspActionSanity(
195 IN PRTMP_ADAPTER pAd,
196 IN VOID *pMsg,
197 IN ULONG MsgLen)
198 {
199 //PFRAME_802_11 pFrame = (PFRAME_802_11)pMsg;
200 PFRAME_ADDBA_RSP pAddFrame;
201
202 pAddFrame = (PFRAME_ADDBA_RSP)(pMsg);
203 if (MsgLen < (sizeof(FRAME_ADDBA_RSP)))
204 {
205 DBGPRINT(RT_DEBUG_ERROR,("PeerAddBARspActionSanity: ADDBA Response frame length size = %ld incorrect\n", MsgLen));
206 return FALSE;
207 }
208 // we support immediate BA.
209 #ifdef UNALIGNMENT_SUPPORT
210 {
211 BA_PARM tmpBaParm;
212
213 NdisMoveMemory((PUCHAR)(&tmpBaParm), (PUCHAR)(&pAddFrame->BaParm), sizeof(BA_PARM));
214 *(USHORT *)(&tmpBaParm) = cpu2le16(*(USHORT *)(&tmpBaParm));
215 NdisMoveMemory((PUCHAR)(&pAddFrame->BaParm), (PUCHAR)(&tmpBaParm), sizeof(BA_PARM));
216 }
217 #else
218 *(USHORT *)(&pAddFrame->BaParm) = cpu2le16(*(USHORT *)(&pAddFrame->BaParm));
219 #endif
220 pAddFrame->StatusCode = cpu2le16(pAddFrame->StatusCode);
221 pAddFrame->TimeOutValue = cpu2le16(pAddFrame->TimeOutValue);
222
223 if (pAddFrame->BaParm.BAPolicy != IMMED_BA)
224 {
225 DBGPRINT(RT_DEBUG_ERROR,("PeerAddBAReqActionSanity: ADDBA Response Ba Policy[%d] not support\n", pAddFrame->BaParm.BAPolicy));
226 return FALSE;
227 }
228
229 // we support immediate BA.
230 if (pAddFrame->BaParm.TID &0xfff0)
231 {
232 DBGPRINT(RT_DEBUG_ERROR,("PeerAddBARspActionSanity: ADDBA Response incorrect TID = %d\n", pAddFrame->BaParm.TID));
233 return FALSE;
234 }
235 return TRUE;
236
237 }
238
239 BOOLEAN PeerDelBAActionSanity(
240 IN PRTMP_ADAPTER pAd,
241 IN UCHAR Wcid,
242 IN VOID *pMsg,
243 IN ULONG MsgLen )
244 {
245 //PFRAME_802_11 pFrame = (PFRAME_802_11)pMsg;
246 PFRAME_DELBA_REQ pDelFrame;
247 if (MsgLen != (sizeof(FRAME_DELBA_REQ)))
248 return FALSE;
249
250 if (Wcid >= MAX_LEN_OF_MAC_TABLE)
251 return FALSE;
252
253 pDelFrame = (PFRAME_DELBA_REQ)(pMsg);
254
255 *(USHORT *)(&pDelFrame->DelbaParm) = cpu2le16(*(USHORT *)(&pDelFrame->DelbaParm));
256 pDelFrame->ReasonCode = cpu2le16(pDelFrame->ReasonCode);
257
258 if (pDelFrame->DelbaParm.TID &0xfff0)
259 return FALSE;
260
261 return TRUE;
262 }
263
264 /*
265 ==========================================================================
266 Description:
267 MLME message sanity check
268 Return:
269 TRUE if all parameters are OK, FALSE otherwise
270
271 IRQL = DISPATCH_LEVEL
272
273 ==========================================================================
274 */
275 BOOLEAN PeerBeaconAndProbeRspSanity(
276 IN PRTMP_ADAPTER pAd,
277 IN VOID *Msg,
278 IN ULONG MsgLen,
279 IN UCHAR MsgChannel,
280 OUT PUCHAR pAddr2,
281 OUT PUCHAR pBssid,
282 OUT CHAR Ssid[],
283 OUT UCHAR *pSsidLen,
284 OUT UCHAR *pBssType,
285 OUT USHORT *pBeaconPeriod,
286 OUT UCHAR *pChannel,
287 OUT UCHAR *pNewChannel,
288 OUT LARGE_INTEGER *pTimestamp,
289 OUT CF_PARM *pCfParm,
290 OUT USHORT *pAtimWin,
291 OUT USHORT *pCapabilityInfo,
292 OUT UCHAR *pErp,
293 OUT UCHAR *pDtimCount,
294 OUT UCHAR *pDtimPeriod,
295 OUT UCHAR *pBcastFlag,
296 OUT UCHAR *pMessageToMe,
297 OUT UCHAR SupRate[],
298 OUT UCHAR *pSupRateLen,
299 OUT UCHAR ExtRate[],
300 OUT UCHAR *pExtRateLen,
301 OUT UCHAR *pCkipFlag,
302 OUT UCHAR *pAironetCellPowerLimit,
303 OUT PEDCA_PARM pEdcaParm,
304 OUT PQBSS_LOAD_PARM pQbssLoad,
305 OUT PQOS_CAPABILITY_PARM pQosCapability,
306 OUT ULONG *pRalinkIe,
307 OUT UCHAR *pHtCapabilityLen,
308 #ifdef CONFIG_STA_SUPPORT
309 OUT UCHAR *pPreNHtCapabilityLen,
310 #endif // CONFIG_STA_SUPPORT //
311 OUT HT_CAPABILITY_IE *pHtCapability,
312 OUT UCHAR *AddHtInfoLen,
313 OUT ADD_HT_INFO_IE *AddHtInfo,
314 OUT UCHAR *NewExtChannelOffset, // Ht extension channel offset(above or below)
315 OUT USHORT *LengthVIE,
316 OUT PNDIS_802_11_VARIABLE_IEs pVIE)
317 {
318 UCHAR *Ptr;
319 #ifdef CONFIG_STA_SUPPORT
320 UCHAR TimLen;
321 #endif // CONFIG_STA_SUPPORT //
322 PFRAME_802_11 pFrame;
323 PEID_STRUCT pEid;
324 UCHAR SubType;
325 UCHAR Sanity;
326 //UCHAR ECWMin, ECWMax;
327 //MAC_CSR9_STRUC Csr9;
328 ULONG Length = 0;
329
330 // For some 11a AP which didn't have DS_IE, we use two conditions to decide the channel
331 // 1. If the AP is 11n enabled, then check the control channel.
332 // 2. If the AP didn't have any info about channel, use the channel we received this frame as the channel. (May inaccuracy!!)
333 UCHAR CtrlChannel = 0;
334
335 // Add for 3 necessary EID field check
336 Sanity = 0;
337
338 *pAtimWin = 0;
339 *pErp = 0;
340 *pDtimCount = 0;
341 *pDtimPeriod = 0;
342 *pBcastFlag = 0;
343 *pMessageToMe = 0;
344 *pExtRateLen = 0;
345 *pCkipFlag = 0; // Default of CkipFlag is 0
346 *pAironetCellPowerLimit = 0xFF; // Default of AironetCellPowerLimit is 0xFF
347 *LengthVIE = 0; // Set the length of VIE to init value 0
348 *pHtCapabilityLen = 0; // Set the length of VIE to init value 0
349 #ifdef CONFIG_STA_SUPPORT
350 if (pAd->OpMode == OPMODE_STA)
351 *pPreNHtCapabilityLen = 0; // Set the length of VIE to init value 0
352 #endif // CONFIG_STA_SUPPORT //
353 *AddHtInfoLen = 0; // Set the length of VIE to init value 0
354 *pRalinkIe = 0;
355 *pNewChannel = 0;
356 *NewExtChannelOffset = 0xff; //Default 0xff means no such IE
357 pCfParm->bValid = FALSE; // default: no IE_CF found
358 pQbssLoad->bValid = FALSE; // default: no IE_QBSS_LOAD found
359 pEdcaParm->bValid = FALSE; // default: no IE_EDCA_PARAMETER found
360 pQosCapability->bValid = FALSE; // default: no IE_QOS_CAPABILITY found
361
362 pFrame = (PFRAME_802_11)Msg;
363
364 // get subtype from header
365 SubType = (UCHAR)pFrame->Hdr.FC.SubType;
366
367 // get Addr2 and BSSID from header
368 COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
369 COPY_MAC_ADDR(pBssid, pFrame->Hdr.Addr3);
370
371 // hex_dump("Beacon", Msg, MsgLen);
372
373 Ptr = pFrame->Octet;
374 Length += LENGTH_802_11;
375
376 // get timestamp from payload and advance the pointer
377 NdisMoveMemory(pTimestamp, Ptr, TIMESTAMP_LEN);
378
379 pTimestamp->u.LowPart = cpu2le32(pTimestamp->u.LowPart);
380 pTimestamp->u.HighPart = cpu2le32(pTimestamp->u.HighPart);
381
382 Ptr += TIMESTAMP_LEN;
383 Length += TIMESTAMP_LEN;
384
385 // get beacon interval from payload and advance the pointer
386 NdisMoveMemory(pBeaconPeriod, Ptr, 2);
387 Ptr += 2;
388 Length += 2;
389
390 // get capability info from payload and advance the pointer
391 NdisMoveMemory(pCapabilityInfo, Ptr, 2);
392 Ptr += 2;
393 Length += 2;
394
395 if (CAP_IS_ESS_ON(*pCapabilityInfo))
396 *pBssType = BSS_INFRA;
397 else
398 *pBssType = BSS_ADHOC;
399
400 pEid = (PEID_STRUCT) Ptr;
401
402 // get variable fields from payload and advance the pointer
403 while ((Length + 2 + pEid->Len) <= MsgLen)
404 {
405 //
406 // Secure copy VIE to VarIE[MAX_VIE_LEN] didn't overflow.
407 //
408 if ((*LengthVIE + pEid->Len + 2) >= MAX_VIE_LEN)
409 {
410 DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - Variable IEs out of resource [len(=%d) > MAX_VIE_LEN(=%d)]\n",
411 (*LengthVIE + pEid->Len + 2), MAX_VIE_LEN));
412 break;
413 }
414
415 switch(pEid->Eid)
416 {
417 case IE_SSID:
418 // Already has one SSID EID in this beacon, ignore the second one
419 if (Sanity & 0x1)
420 break;
421 if(pEid->Len <= MAX_LEN_OF_SSID)
422 {
423 NdisMoveMemory(Ssid, pEid->Octet, pEid->Len);
424 *pSsidLen = pEid->Len;
425 Sanity |= 0x1;
426 }
427 else
428 {
429 DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_SSID (len=%d)\n",pEid->Len));
430 return FALSE;
431 }
432 break;
433
434 case IE_SUPP_RATES:
435 if(pEid->Len <= MAX_LEN_OF_SUPPORTED_RATES)
436 {
437 Sanity |= 0x2;
438 NdisMoveMemory(SupRate, pEid->Octet, pEid->Len);
439 *pSupRateLen = pEid->Len;
440
441 // TODO: 2004-09-14 not a good design here, cause it exclude extra rates
442 // from ScanTab. We should report as is. And filter out unsupported
443 // rates in MlmeAux.
444 // Check against the supported rates
445 // RTMPCheckRates(pAd, SupRate, pSupRateLen);
446 }
447 else
448 {
449 DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_SUPP_RATES (len=%d)\n",pEid->Len));
450 return FALSE;
451 }
452 break;
453
454 case IE_HT_CAP:
455 if (pEid->Len >= SIZE_HT_CAP_IE) //Note: allow extension.!!
456 {
457 NdisMoveMemory(pHtCapability, pEid->Octet, sizeof(HT_CAPABILITY_IE));
458 *pHtCapabilityLen = SIZE_HT_CAP_IE; // Nnow we only support 26 bytes.
459
460 *(USHORT *)(&pHtCapability->HtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->HtCapInfo));
461 #ifdef UNALIGNMENT_SUPPORT
462 {
463 EXT_HT_CAP_INFO extHtCapInfo;
464 NdisMoveMemory((PUCHAR)(&extHtCapInfo), (PUCHAR)(&pHtCapability->ExtHtCapInfo), sizeof(EXT_HT_CAP_INFO));
465 *(USHORT *)(&extHtCapInfo) = cpu2le16(*(USHORT *)(&extHtCapInfo));
466 NdisMoveMemory((PUCHAR)(&pHtCapability->ExtHtCapInfo), (PUCHAR)(&extHtCapInfo), sizeof(EXT_HT_CAP_INFO));
467 }
468 #else
469 *(USHORT *)(&pHtCapability->ExtHtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->ExtHtCapInfo));
470 #endif // UNALIGNMENT_SUPPORT //
471
472 #ifdef CONFIG_STA_SUPPORT
473 IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
474 {
475 *pPreNHtCapabilityLen = 0; // Now we only support 26 bytes.
476
477 Ptr = (PUCHAR) pVIE;
478 NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2);
479 *LengthVIE += (pEid->Len + 2);
480 }
481 #endif // CONFIG_STA_SUPPORT //
482 }
483 else
484 {
485 DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - wrong IE_HT_CAP. pEid->Len = %d\n", pEid->Len));
486 }
487
488 break;
489 case IE_ADD_HT:
490 if (pEid->Len >= sizeof(ADD_HT_INFO_IE))
491 {
492 // This IE allows extension, but we can ignore extra bytes beyond our knowledge , so only
493 // copy first sizeof(ADD_HT_INFO_IE)
494 NdisMoveMemory(AddHtInfo, pEid->Octet, sizeof(ADD_HT_INFO_IE));
495 *AddHtInfoLen = SIZE_ADD_HT_INFO_IE;
496
497 CtrlChannel = AddHtInfo->ControlChan;
498
499 *(USHORT *)(&AddHtInfo->AddHtInfo2) = cpu2le16(*(USHORT *)(&AddHtInfo->AddHtInfo2));
500 *(USHORT *)(&AddHtInfo->AddHtInfo3) = cpu2le16(*(USHORT *)(&AddHtInfo->AddHtInfo3));
501
502 #ifdef CONFIG_STA_SUPPORT
503 IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
504 {
505 Ptr = (PUCHAR) pVIE;
506 NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2);
507 *LengthVIE += (pEid->Len + 2);
508 }
509 #endif // CONFIG_STA_SUPPORT //
510 }
511 else
512 {
513 DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - wrong IE_ADD_HT. \n"));
514 }
515
516 break;
517 case IE_SECONDARY_CH_OFFSET:
518 if (pEid->Len == 1)
519 {
520 *NewExtChannelOffset = pEid->Octet[0];
521 }
522 else
523 {
524 DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - wrong IE_SECONDARY_CH_OFFSET. \n"));
525 }
526
527 break;
528 case IE_FH_PARM:
529 DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity(IE_FH_PARM) \n"));
530 break;
531
532 case IE_DS_PARM:
533 if(pEid->Len == 1)
534 {
535 *pChannel = *pEid->Octet;
536 #ifdef CONFIG_STA_SUPPORT
537 IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
538 {
539 if (ChannelSanity(pAd, *pChannel) == 0)
540 {
541
542 return FALSE;
543 }
544 }
545 #endif // CONFIG_STA_SUPPORT //
546 Sanity |= 0x4;
547 }
548 else
549 {
550 DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_DS_PARM (len=%d)\n",pEid->Len));
551 return FALSE;
552 }
553 break;
554
555 case IE_CF_PARM:
556 if(pEid->Len == 6)
557 {
558 pCfParm->bValid = TRUE;
559 pCfParm->CfpCount = pEid->Octet[0];
560 pCfParm->CfpPeriod = pEid->Octet[1];
561 pCfParm->CfpMaxDuration = pEid->Octet[2] + 256 * pEid->Octet[3];
562 pCfParm->CfpDurRemaining = pEid->Octet[4] + 256 * pEid->Octet[5];
563 }
564 else
565 {
566 DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_CF_PARM\n"));
567 return FALSE;
568 }
569 break;
570
571 case IE_IBSS_PARM:
572 if(pEid->Len == 2)
573 {
574 NdisMoveMemory(pAtimWin, pEid->Octet, pEid->Len);
575 }
576 else
577 {
578 DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_IBSS_PARM\n"));
579 return FALSE;
580 }
581 break;
582
583 #ifdef CONFIG_STA_SUPPORT
584 case IE_TIM:
585 if(INFRA_ON(pAd) && SubType == SUBTYPE_BEACON)
586 {
587 GetTimBit((PCHAR)pEid, pAd->StaActive.Aid, &TimLen, pBcastFlag, pDtimCount, pDtimPeriod, pMessageToMe);
588 }
589 break;
590 #endif // CONFIG_STA_SUPPORT //
591 case IE_CHANNEL_SWITCH_ANNOUNCEMENT:
592 if(pEid->Len == 3)
593 {
594 *pNewChannel = pEid->Octet[1]; //extract new channel number
595 }
596 break;
597
598 // New for WPA
599 // CCX v2 has the same IE, we need to parse that too
600 // Wifi WMM use the same IE vale, need to parse that too
601 // case IE_WPA:
602 case IE_VENDOR_SPECIFIC:
603 // Check Broadcom/Atheros 802.11n OUI version, for HT Capability IE.
604 // This HT IE is before IEEE draft set HT IE value.2006-09-28 by Jan.
605 /*if (NdisEqualMemory(pEid->Octet, BROADCOM_OUI, 3) && (pEid->Len >= 4))
606 {
607 if ((pEid->Octet[3] == OUI_BROADCOM_HT) && (pEid->Len >= 30))
608 {
609 {
610 NdisMoveMemory(pHtCapability, &pEid->Octet[4], sizeof(HT_CAPABILITY_IE));
611 *pHtCapabilityLen = SIZE_HT_CAP_IE; // Nnow we only support 26 bytes.
612 }
613 }
614 if ((pEid->Octet[3] == OUI_BROADCOM_HT) && (pEid->Len >= 26))
615 {
616 {
617 NdisMoveMemory(AddHtInfo, &pEid->Octet[4], sizeof(ADD_HT_INFO_IE));
618 *AddHtInfoLen = SIZE_ADD_HT_INFO_IE; // Nnow we only support 26 bytes.
619 }
620 }
621 }
622 */
623 // Check the OUI version, filter out non-standard usage
624 if (NdisEqualMemory(pEid->Octet, RALINK_OUI, 3) && (pEid->Len == 7))
625 {
626 //*pRalinkIe = pEid->Octet[3];
627 if (pEid->Octet[3] != 0)
628 *pRalinkIe = pEid->Octet[3];
629 else
630 *pRalinkIe = 0xf0000000; // Set to non-zero value (can't set bit0-2) to represent this is Ralink Chip. So at linkup, we will set ralinkchip flag.
631 }
632 #ifdef CONFIG_STA_SUPPORT
633 #ifdef DOT11_N_SUPPORT
634 // This HT IE is before IEEE draft set HT IE value.2006-09-28 by Jan.
635
636 // Other vendors had production before IE_HT_CAP value is assigned. To backward support those old-firmware AP,
637 // Check broadcom-defiend pre-802.11nD1.0 OUI for HT related IE, including HT Capatilities IE and HT Information IE
638 else if ((*pHtCapabilityLen == 0) && NdisEqualMemory(pEid->Octet, PRE_N_HT_OUI, 3) && (pEid->Len >= 4) && (pAd->OpMode == OPMODE_STA))
639 {
640 if ((pEid->Octet[3] == OUI_PREN_HT_CAP) && (pEid->Len >= 30) && (*pHtCapabilityLen == 0))
641 {
642 NdisMoveMemory(pHtCapability, &pEid->Octet[4], sizeof(HT_CAPABILITY_IE));
643 *pPreNHtCapabilityLen = SIZE_HT_CAP_IE;
644 }
645
646 if ((pEid->Octet[3] == OUI_PREN_ADD_HT) && (pEid->Len >= 26))
647 {
648 NdisMoveMemory(AddHtInfo, &pEid->Octet[4], sizeof(ADD_HT_INFO_IE));
649 *AddHtInfoLen = SIZE_ADD_HT_INFO_IE;
650 }
651 }
652 #endif // DOT11_N_SUPPORT //
653 #endif // CONFIG_STA_SUPPORT //
654 else if (NdisEqualMemory(pEid->Octet, WPA_OUI, 4))
655 {
656 // Copy to pVIE which will report to microsoft bssid list.
657 Ptr = (PUCHAR) pVIE;
658 NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2);
659 *LengthVIE += (pEid->Len + 2);
660 }
661 else if (NdisEqualMemory(pEid->Octet, WME_PARM_ELEM, 6) && (pEid->Len == 24))
662 {
663 PUCHAR ptr;
664 int i;
665
666 // parsing EDCA parameters
667 pEdcaParm->bValid = TRUE;
668 pEdcaParm->bQAck = FALSE; // pEid->Octet[0] & 0x10;
669 pEdcaParm->bQueueRequest = FALSE; // pEid->Octet[0] & 0x20;
670 pEdcaParm->bTxopRequest = FALSE; // pEid->Octet[0] & 0x40;
671 pEdcaParm->EdcaUpdateCount = pEid->Octet[6] & 0x0f;
672 pEdcaParm->bAPSDCapable = (pEid->Octet[6] & 0x80) ? 1 : 0;
673 ptr = &pEid->Octet[8];
674 for (i=0; i<4; i++)
675 {
676 UCHAR aci = (*ptr & 0x60) >> 5; // b5~6 is AC INDEX
677 pEdcaParm->bACM[aci] = (((*ptr) & 0x10) == 0x10); // b5 is ACM
678 pEdcaParm->Aifsn[aci] = (*ptr) & 0x0f; // b0~3 is AIFSN
679 pEdcaParm->Cwmin[aci] = *(ptr+1) & 0x0f; // b0~4 is Cwmin
680 pEdcaParm->Cwmax[aci] = *(ptr+1) >> 4; // b5~8 is Cwmax
681 pEdcaParm->Txop[aci] = *(ptr+2) + 256 * (*(ptr+3)); // in unit of 32-us
682 ptr += 4; // point to next AC
683 }
684 }
685 else if (NdisEqualMemory(pEid->Octet, WME_INFO_ELEM, 6) && (pEid->Len == 7))
686 {
687 // parsing EDCA parameters
688 pEdcaParm->bValid = TRUE;
689 pEdcaParm->bQAck = FALSE; // pEid->Octet[0] & 0x10;
690 pEdcaParm->bQueueRequest = FALSE; // pEid->Octet[0] & 0x20;
691 pEdcaParm->bTxopRequest = FALSE; // pEid->Octet[0] & 0x40;
692 pEdcaParm->EdcaUpdateCount = pEid->Octet[6] & 0x0f;
693 pEdcaParm->bAPSDCapable = (pEid->Octet[6] & 0x80) ? 1 : 0;
694
695 // use default EDCA parameter
696 pEdcaParm->bACM[QID_AC_BE] = 0;
697 pEdcaParm->Aifsn[QID_AC_BE] = 3;
698 pEdcaParm->Cwmin[QID_AC_BE] = CW_MIN_IN_BITS;
699 pEdcaParm->Cwmax[QID_AC_BE] = CW_MAX_IN_BITS;
700 pEdcaParm->Txop[QID_AC_BE] = 0;
701
702 pEdcaParm->bACM[QID_AC_BK] = 0;
703 pEdcaParm->Aifsn[QID_AC_BK] = 7;
704 pEdcaParm->Cwmin[QID_AC_BK] = CW_MIN_IN_BITS;
705 pEdcaParm->Cwmax[QID_AC_BK] = CW_MAX_IN_BITS;
706 pEdcaParm->Txop[QID_AC_BK] = 0;
707
708 pEdcaParm->bACM[QID_AC_VI] = 0;
709 pEdcaParm->Aifsn[QID_AC_VI] = 2;
710 pEdcaParm->Cwmin[QID_AC_VI] = CW_MIN_IN_BITS-1;
711 pEdcaParm->Cwmax[QID_AC_VI] = CW_MAX_IN_BITS;
712 pEdcaParm->Txop[QID_AC_VI] = 96; // AC_VI: 96*32us ~= 3ms
713
714 pEdcaParm->bACM[QID_AC_VO] = 0;
715 pEdcaParm->Aifsn[QID_AC_VO] = 2;
716 pEdcaParm->Cwmin[QID_AC_VO] = CW_MIN_IN_BITS-2;
717 pEdcaParm->Cwmax[QID_AC_VO] = CW_MAX_IN_BITS-1;
718 pEdcaParm->Txop[QID_AC_VO] = 48; // AC_VO: 48*32us ~= 1.5ms
719 }
720 #ifdef CONFIG_STA_SUPPORT
721 #endif // CONFIG_STA_SUPPORT //
722
723
724 break;
725
726 case IE_EXT_SUPP_RATES:
727 if (pEid->Len <= MAX_LEN_OF_SUPPORTED_RATES)
728 {
729 NdisMoveMemory(ExtRate, pEid->Octet, pEid->Len);
730 *pExtRateLen = pEid->Len;
731
732 // TODO: 2004-09-14 not a good design here, cause it exclude extra rates
733 // from ScanTab. We should report as is. And filter out unsupported
734 // rates in MlmeAux.
735 // Check against the supported rates
736 // RTMPCheckRates(pAd, ExtRate, pExtRateLen);
737 }
738 break;
739
740 case IE_ERP:
741 if (pEid->Len == 1)
742 {
743 *pErp = (UCHAR)pEid->Octet[0];
744 }
745 break;
746
747 case IE_AIRONET_CKIP:
748 // 0. Check Aironet IE length, it must be larger or equal to 28
749 // Cisco AP350 used length as 28
750 // Cisco AP12XX used length as 30
751 if (pEid->Len < (CKIP_NEGOTIATION_LENGTH - 2))
752 break;
753
754 // 1. Copy CKIP flag byte to buffer for process
755 *pCkipFlag = *(pEid->Octet + 8);
756 break;
757
758 case IE_AP_TX_POWER:
759 // AP Control of Client Transmit Power
760 //0. Check Aironet IE length, it must be 6
761 if (pEid->Len != 0x06)
762 break;
763
764 // Get cell power limit in dBm
765 if (NdisEqualMemory(pEid->Octet, CISCO_OUI, 3) == 1)
766 *pAironetCellPowerLimit = *(pEid->Octet + 4);
767 break;
768
769 // WPA2 & 802.11i RSN
770 case IE_RSN:
771 // There is no OUI for version anymore, check the group cipher OUI before copying
772 if (RTMPEqualMemory(pEid->Octet + 2, RSN_OUI, 3))
773 {
774 // Copy to pVIE which will report to microsoft bssid list.
775 Ptr = (PUCHAR) pVIE;
776 NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2);
777 *LengthVIE += (pEid->Len + 2);
778 }
779 break;
780 #ifdef CONFIG_STA_SUPPORT
781 #ifdef EXT_BUILD_CHANNEL_LIST
782 case IE_COUNTRY:
783 Ptr = (PUCHAR) pVIE;
784 NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2);
785 *LengthVIE += (pEid->Len + 2);
786 break;
787 #endif // EXT_BUILD_CHANNEL_LIST //
788 #endif // CONFIG_STA_SUPPORT //
789
790
791 default:
792 break;
793 }
794
795 Length = Length + 2 + pEid->Len; // Eid[1] + Len[1]+ content[Len]
796 pEid = (PEID_STRUCT)((UCHAR*)pEid + 2 + pEid->Len);
797 }
798
799 // For some 11a AP. it did not have the channel EID, patch here
800 #ifdef CONFIG_STA_SUPPORT
801 IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
802 {
803 UCHAR LatchRfChannel = MsgChannel;
804 if ((pAd->LatchRfRegs.Channel > 14) && ((Sanity & 0x4) == 0))
805 {
806 if (CtrlChannel != 0)
807 *pChannel = CtrlChannel;
808 else
809 *pChannel = LatchRfChannel;
810 Sanity |= 0x4;
811 }
812 }
813 #endif // CONFIG_STA_SUPPORT //
814
815 if (Sanity != 0x7)
816 {
817 DBGPRINT(RT_DEBUG_LOUD, ("PeerBeaconAndProbeRspSanity - missing field, Sanity=0x%02x\n", Sanity));
818 return FALSE;
819 }
820 else
821 {
822 return TRUE;
823 }
824
825 }
826
827 #ifdef DOT11N_DRAFT3
828 /*
829 ==========================================================================
830 Description:
831 MLME message sanity check for some IE addressed in 802.11n d3.03.
832 Return:
833 TRUE if all parameters are OK, FALSE otherwise
834
835 IRQL = DISPATCH_LEVEL
836
837 ==========================================================================
838 */
839 BOOLEAN PeerBeaconAndProbeRspSanity2(
840 IN PRTMP_ADAPTER pAd,
841 IN VOID *Msg,
842 IN ULONG MsgLen,
843 OUT UCHAR *RegClass)
844 {
845 CHAR *Ptr;
846 PFRAME_802_11 pFrame;
847 PEID_STRUCT pEid;
848 ULONG Length = 0;
849
850 pFrame = (PFRAME_802_11)Msg;
851
852 *RegClass = 0;
853 Ptr = (PCHAR) pFrame->Octet;
854 Length += LENGTH_802_11;
855
856 // get timestamp from payload and advance the pointer
857 Ptr += TIMESTAMP_LEN;
858 Length += TIMESTAMP_LEN;
859
860 // get beacon interval from payload and advance the pointer
861 Ptr += 2;
862 Length += 2;
863
864 // get capability info from payload and advance the pointer
865 Ptr += 2;
866 Length += 2;
867
868 pEid = (PEID_STRUCT) Ptr;
869
870 // get variable fields from payload and advance the pointer
871 while ((Length + 2 + pEid->Len) <= MsgLen)
872 {
873 switch(pEid->Eid)
874 {
875 case IE_SUPP_REG_CLASS:
876 if(pEid->Len > 0)
877 {
878 *RegClass = *pEid->Octet;
879 }
880 else
881 {
882 DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_SSID (len=%d)\n",pEid->Len));
883 return FALSE;
884 }
885 break;
886 }
887
888 Length = Length + 2 + pEid->Len; // Eid[1] + Len[1]+ content[Len]
889 pEid = (PEID_STRUCT)((UCHAR*)pEid + 2 + pEid->Len);
890 }
891
892 return TRUE;
893
894 }
895 #endif // DOT11N_DRAFT3 //
896
897 /*
898 ==========================================================================
899 Description:
900 MLME message sanity check
901 Return:
902 TRUE if all parameters are OK, FALSE otherwise
903 ==========================================================================
904 */
905 BOOLEAN MlmeScanReqSanity(
906 IN PRTMP_ADAPTER pAd,
907 IN VOID *Msg,
908 IN ULONG MsgLen,
909 OUT UCHAR *pBssType,
910 OUT CHAR Ssid[],
911 OUT UCHAR *pSsidLen,
912 OUT UCHAR *pScanType)
913 {
914 MLME_SCAN_REQ_STRUCT *Info;
915
916 Info = (MLME_SCAN_REQ_STRUCT *)(Msg);
917 *pBssType = Info->BssType;
918 *pSsidLen = Info->SsidLen;
919 NdisMoveMemory(Ssid, Info->Ssid, *pSsidLen);
920 *pScanType = Info->ScanType;
921
922 if ((*pBssType == BSS_INFRA || *pBssType == BSS_ADHOC || *pBssType == BSS_ANY)
923 && (*pScanType == SCAN_ACTIVE || *pScanType == SCAN_PASSIVE
924 #ifdef CONFIG_STA_SUPPORT
925 #endif // CONFIG_STA_SUPPORT //
926 ))
927 {
928 return TRUE;
929 }
930 else
931 {
932 DBGPRINT(RT_DEBUG_TRACE, ("MlmeScanReqSanity fail - wrong BssType or ScanType\n"));
933 return FALSE;
934 }
935 }
936
937 // IRQL = DISPATCH_LEVEL
938 UCHAR ChannelSanity(
939 IN PRTMP_ADAPTER pAd,
940 IN UCHAR channel)
941 {
942 int i;
943
944 for (i = 0; i < pAd->ChannelListNum; i ++)
945 {
946 if (channel == pAd->ChannelList[i].Channel)
947 return 1;
948 }
949 return 0;
950 }
951
952 /*
953 ==========================================================================
954 Description:
955 MLME message sanity check
956 Return:
957 TRUE if all parameters are OK, FALSE otherwise
958
959 IRQL = DISPATCH_LEVEL
960
961 ==========================================================================
962 */
963 BOOLEAN PeerDeauthSanity(
964 IN PRTMP_ADAPTER pAd,
965 IN VOID *Msg,
966 IN ULONG MsgLen,
967 OUT PUCHAR pAddr2,
968 OUT USHORT *pReason)
969 {
970 PFRAME_802_11 pFrame = (PFRAME_802_11)Msg;
971
972 COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
973 NdisMoveMemory(pReason, &pFrame->Octet[0], 2);
974
975 return TRUE;
976 }
977
978 /*
979 ==========================================================================
980 Description:
981 MLME message sanity check
982 Return:
983 TRUE if all parameters are OK, FALSE otherwise
984
985 IRQL = DISPATCH_LEVEL
986
987 ==========================================================================
988 */
989 BOOLEAN PeerAuthSanity(
990 IN PRTMP_ADAPTER pAd,
991 IN VOID *Msg,
992 IN ULONG MsgLen,
993 OUT PUCHAR pAddr,
994 OUT USHORT *pAlg,
995 OUT USHORT *pSeq,
996 OUT USHORT *pStatus,
997 CHAR *pChlgText)
998 {
999 PFRAME_802_11 pFrame = (PFRAME_802_11)Msg;
1000
1001 COPY_MAC_ADDR(pAddr, pFrame->Hdr.Addr2);
1002 NdisMoveMemory(pAlg, &pFrame->Octet[0], 2);
1003 NdisMoveMemory(pSeq, &pFrame->Octet[2], 2);
1004 NdisMoveMemory(pStatus, &pFrame->Octet[4], 2);
1005
1006 if (*pAlg == AUTH_MODE_OPEN)
1007 {
1008 if (*pSeq == 1 || *pSeq == 2)
1009 {
1010 return TRUE;
1011 }
1012 else
1013 {
1014 DBGPRINT(RT_DEBUG_TRACE, ("PeerAuthSanity fail - wrong Seg#\n"));
1015 return FALSE;
1016 }
1017 }
1018 else if (*pAlg == AUTH_MODE_KEY)
1019 {
1020 if (*pSeq == 1 || *pSeq == 4)
1021 {
1022 return TRUE;
1023 }
1024 else if (*pSeq == 2 || *pSeq == 3)
1025 {
1026 NdisMoveMemory(pChlgText, &pFrame->Octet[8], CIPHER_TEXT_LEN);
1027 return TRUE;
1028 }
1029 else
1030 {
1031 DBGPRINT(RT_DEBUG_TRACE, ("PeerAuthSanity fail - wrong Seg#\n"));
1032 return FALSE;
1033 }
1034 }
1035 else
1036 {
1037 DBGPRINT(RT_DEBUG_TRACE, ("PeerAuthSanity fail - wrong algorithm\n"));
1038 return FALSE;
1039 }
1040 }
1041
1042 /*
1043 ==========================================================================
1044 Description:
1045 MLME message sanity check
1046 Return:
1047 TRUE if all parameters are OK, FALSE otherwise
1048 ==========================================================================
1049 */
1050 BOOLEAN MlmeAuthReqSanity(
1051 IN PRTMP_ADAPTER pAd,
1052 IN VOID *Msg,
1053 IN ULONG MsgLen,
1054 OUT PUCHAR pAddr,
1055 OUT ULONG *pTimeout,
1056 OUT USHORT *pAlg)
1057 {
1058 MLME_AUTH_REQ_STRUCT *pInfo;
1059
1060 pInfo = (MLME_AUTH_REQ_STRUCT *)Msg;
1061 COPY_MAC_ADDR(pAddr, pInfo->Addr);
1062 *pTimeout = pInfo->Timeout;
1063 *pAlg = pInfo->Alg;
1064
1065 if (((*pAlg == AUTH_MODE_KEY) ||(*pAlg == AUTH_MODE_OPEN)
1066 ) &&
1067 ((*pAddr & 0x01) == 0))
1068 {
1069 return TRUE;
1070 }
1071 else
1072 {
1073 DBGPRINT(RT_DEBUG_TRACE, ("MlmeAuthReqSanity fail - wrong algorithm\n"));
1074 return FALSE;
1075 }
1076 }
1077
1078 /*
1079 ==========================================================================
1080 Description:
1081 MLME message sanity check
1082 Return:
1083 TRUE if all parameters are OK, FALSE otherwise
1084
1085 IRQL = DISPATCH_LEVEL
1086
1087 ==========================================================================
1088 */
1089 BOOLEAN MlmeAssocReqSanity(
1090 IN PRTMP_ADAPTER pAd,
1091 IN VOID *Msg,
1092 IN ULONG MsgLen,
1093 OUT PUCHAR pApAddr,
1094 OUT USHORT *pCapabilityInfo,
1095 OUT ULONG *pTimeout,
1096 OUT USHORT *pListenIntv)
1097 {
1098 MLME_ASSOC_REQ_STRUCT *pInfo;
1099
1100 pInfo = (MLME_ASSOC_REQ_STRUCT *)Msg;
1101 *pTimeout = pInfo->Timeout; // timeout
1102 COPY_MAC_ADDR(pApAddr, pInfo->Addr); // AP address
1103 *pCapabilityInfo = pInfo->CapabilityInfo; // capability info
1104 *pListenIntv = pInfo->ListenIntv;
1105
1106 return TRUE;
1107 }
1108
1109 /*
1110 ==========================================================================
1111 Description:
1112 MLME message sanity check
1113 Return:
1114 TRUE if all parameters are OK, FALSE otherwise
1115
1116 IRQL = DISPATCH_LEVEL
1117
1118 ==========================================================================
1119 */
1120 BOOLEAN PeerDisassocSanity(
1121 IN PRTMP_ADAPTER pAd,
1122 IN VOID *Msg,
1123 IN ULONG MsgLen,
1124 OUT PUCHAR pAddr2,
1125 OUT USHORT *pReason)
1126 {
1127 PFRAME_802_11 pFrame = (PFRAME_802_11)Msg;
1128
1129 COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
1130 NdisMoveMemory(pReason, &pFrame->Octet[0], 2);
1131
1132 return TRUE;
1133 }
1134
1135 /*
1136 ========================================================================
1137 Routine Description:
1138 Sanity check NetworkType (11b, 11g or 11a)
1139
1140 Arguments:
1141 pBss - Pointer to BSS table.
1142
1143 Return Value:
1144 Ndis802_11DS .......(11b)
1145 Ndis802_11OFDM24....(11g)
1146 Ndis802_11OFDM5.....(11a)
1147
1148 IRQL = DISPATCH_LEVEL
1149
1150 ========================================================================
1151 */
1152 NDIS_802_11_NETWORK_TYPE NetworkTypeInUseSanity(
1153 IN PBSS_ENTRY pBss)
1154 {
1155 NDIS_802_11_NETWORK_TYPE NetWorkType;
1156 UCHAR rate, i;
1157
1158 NetWorkType = Ndis802_11DS;
1159
1160 if (pBss->Channel <= 14)
1161 {
1162 //
1163 // First check support Rate.
1164 //
1165 for (i = 0; i < pBss->SupRateLen; i++)
1166 {
1167 rate = pBss->SupRate[i] & 0x7f; // Mask out basic rate set bit
1168 if ((rate == 2) || (rate == 4) || (rate == 11) || (rate == 22))
1169 {
1170 continue;
1171 }
1172 else
1173 {
1174 //
1175 // Otherwise (even rate > 108) means Ndis802_11OFDM24
1176 //
1177 NetWorkType = Ndis802_11OFDM24;
1178 break;
1179 }
1180 }
1181
1182 //
1183 // Second check Extend Rate.
1184 //
1185 if (NetWorkType != Ndis802_11OFDM24)
1186 {
1187 for (i = 0; i < pBss->ExtRateLen; i++)
1188 {
1189 rate = pBss->SupRate[i] & 0x7f; // Mask out basic rate set bit
1190 if ((rate == 2) || (rate == 4) || (rate == 11) || (rate == 22))
1191 {
1192 continue;
1193 }
1194 else
1195 {
1196 //
1197 // Otherwise (even rate > 108) means Ndis802_11OFDM24
1198 //
1199 NetWorkType = Ndis802_11OFDM24;
1200 break;
1201 }
1202 }
1203 }
1204 }
1205 else
1206 {
1207 NetWorkType = Ndis802_11OFDM5;
1208 }
1209
1210 if (pBss->HtCapabilityLen != 0)
1211 {
1212 if (NetWorkType == Ndis802_11OFDM5)
1213 NetWorkType = Ndis802_11OFDM5_N;
1214 else
1215 NetWorkType = Ndis802_11OFDM24_N;
1216 }
1217
1218 return NetWorkType;
1219 }
1220
1221 /*
1222 ==========================================================================
1223 Description:
1224 Check the validity of the received EAPoL frame
1225 Return:
1226 TRUE if all parameters are OK,
1227 FALSE otherwise
1228 ==========================================================================
1229 */
1230 BOOLEAN PeerWpaMessageSanity(
1231 IN PRTMP_ADAPTER pAd,
1232 IN PEAPOL_PACKET pMsg,
1233 IN ULONG MsgLen,
1234 IN UCHAR MsgType,
1235 IN MAC_TABLE_ENTRY *pEntry)
1236 {
1237 UCHAR mic[LEN_KEY_DESC_MIC], digest[80], KEYDATA[MAX_LEN_OF_RSNIE];
1238 BOOLEAN bReplayDiff = FALSE;
1239 BOOLEAN bWPA2 = FALSE;
1240 KEY_INFO EapolKeyInfo;
1241 UCHAR GroupKeyIndex = 0;
1242
1243
1244 NdisZeroMemory(mic, sizeof(mic));
1245 NdisZeroMemory(digest, sizeof(digest));
1246 NdisZeroMemory(KEYDATA, sizeof(KEYDATA));
1247 NdisZeroMemory((PUCHAR)&EapolKeyInfo, sizeof(EapolKeyInfo));
1248
1249 NdisMoveMemory((PUCHAR)&EapolKeyInfo, (PUCHAR)&pMsg->KeyDesc.KeyInfo, sizeof(KEY_INFO));
1250
1251 *((USHORT *)&EapolKeyInfo) = cpu2le16(*((USHORT *)&EapolKeyInfo));
1252
1253 // Choose WPA2 or not
1254 if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) || (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK))
1255 bWPA2 = TRUE;
1256
1257 // 0. Check MsgType
1258 if ((MsgType > EAPOL_GROUP_MSG_2) || (MsgType < EAPOL_PAIR_MSG_1))
1259 {
1260 DBGPRINT(RT_DEBUG_ERROR, ("The message type is invalid(%d)! \n", MsgType));
1261 return FALSE;
1262 }
1263
1264 // 1. Replay counter check
1265 if (MsgType == EAPOL_PAIR_MSG_1 || MsgType == EAPOL_PAIR_MSG_3 || MsgType == EAPOL_GROUP_MSG_1) // For supplicant
1266 {
1267 // First validate replay counter, only accept message with larger replay counter.
1268 // Let equal pass, some AP start with all zero replay counter
1269 UCHAR ZeroReplay[LEN_KEY_DESC_REPLAY];
1270
1271 NdisZeroMemory(ZeroReplay, LEN_KEY_DESC_REPLAY);
1272 if ((RTMPCompareMemory(pMsg->KeyDesc.ReplayCounter, pEntry->R_Counter, LEN_KEY_DESC_REPLAY) != 1) &&
1273 (RTMPCompareMemory(pMsg->KeyDesc.ReplayCounter, ZeroReplay, LEN_KEY_DESC_REPLAY) != 0))
1274 {
1275 bReplayDiff = TRUE;
1276 }
1277 }
1278 else if (MsgType == EAPOL_PAIR_MSG_2 || MsgType == EAPOL_PAIR_MSG_4 || MsgType == EAPOL_GROUP_MSG_2) // For authenticator
1279 {
1280 // check Replay Counter coresponds to MSG from authenticator, otherwise discard
1281 if (!NdisEqualMemory(pMsg->KeyDesc.ReplayCounter, pEntry->R_Counter, LEN_KEY_DESC_REPLAY))
1282 {
1283 bReplayDiff = TRUE;
1284 }
1285 }
1286
1287 // Replay Counter different condition
1288 if (bReplayDiff)
1289 {
1290 // send wireless event - for replay counter different
1291 if (pAd->CommonCfg.bWirelessEvent)
1292 RTMPSendWirelessEvent(pAd, IW_REPLAY_COUNTER_DIFF_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
1293
1294 if (MsgType < EAPOL_GROUP_MSG_1)
1295 {
1296 DBGPRINT(RT_DEBUG_ERROR, ("Replay Counter Different in pairwise msg %d of 4-way handshake!\n", MsgType));
1297 }
1298 else
1299 {
1300 DBGPRINT(RT_DEBUG_ERROR, ("Replay Counter Different in group msg %d of 2-way handshake!\n", (MsgType - EAPOL_PAIR_MSG_4)));
1301 }
1302
1303 hex_dump("Receive replay counter ", pMsg->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
1304 hex_dump("Current replay counter ", pEntry->R_Counter, LEN_KEY_DESC_REPLAY);
1305 return FALSE;
1306 }
1307
1308 // 2. Verify MIC except Pairwise Msg1
1309 if (MsgType != EAPOL_PAIR_MSG_1)
1310 {
1311 UCHAR rcvd_mic[LEN_KEY_DESC_MIC];
1312
1313 // Record the received MIC for check later
1314 NdisMoveMemory(rcvd_mic, pMsg->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
1315 NdisZeroMemory(pMsg->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
1316
1317 if (EapolKeyInfo.KeyDescVer == DESC_TYPE_TKIP) // TKIP
1318 {
1319 HMAC_MD5(pEntry->PTK, LEN_EAP_MICK, (PUCHAR)pMsg, MsgLen, mic, MD5_DIGEST_SIZE);
1320 }
1321 else if (EapolKeyInfo.KeyDescVer == DESC_TYPE_AES) // AES
1322 {
1323 HMAC_SHA1(pEntry->PTK, LEN_EAP_MICK, (PUCHAR)pMsg, MsgLen, digest, SHA1_DIGEST_SIZE);
1324 NdisMoveMemory(mic, digest, LEN_KEY_DESC_MIC);
1325 }
1326
1327 if (!NdisEqualMemory(rcvd_mic, mic, LEN_KEY_DESC_MIC))
1328 {
1329 // send wireless event - for MIC different
1330 if (pAd->CommonCfg.bWirelessEvent)
1331 RTMPSendWirelessEvent(pAd, IW_MIC_DIFF_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
1332
1333 if (MsgType < EAPOL_GROUP_MSG_1)
1334 {
1335 DBGPRINT(RT_DEBUG_ERROR, ("MIC Different in pairwise msg %d of 4-way handshake!\n", MsgType));
1336 }
1337 else
1338 {
1339 DBGPRINT(RT_DEBUG_ERROR, ("MIC Different in group msg %d of 2-way handshake!\n", (MsgType - EAPOL_PAIR_MSG_4)));
1340 }
1341
1342 hex_dump("Received MIC", rcvd_mic, LEN_KEY_DESC_MIC);
1343 hex_dump("Desired MIC", mic, LEN_KEY_DESC_MIC);
1344
1345 return FALSE;
1346 }
1347 }
1348
1349 // 1. Decrypt the Key Data field if GTK is included.
1350 // 2. Extract the context of the Key Data field if it exist.
1351 // The field in pairwise_msg_2_WPA1(WPA2) & pairwise_msg_3_WPA1 is clear.
1352 // The field in group_msg_1_WPA1(WPA2) & pairwise_msg_3_WPA2 is encrypted.
1353 if (CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyDataLen) > 0)
1354 {
1355 // Decrypt this field
1356 if ((MsgType == EAPOL_PAIR_MSG_3 && bWPA2) || (MsgType == EAPOL_GROUP_MSG_1))
1357 {
1358 if(
1359 (EapolKeyInfo.KeyDescVer == DESC_TYPE_AES))
1360 {
1361 // AES
1362 AES_GTK_KEY_UNWRAP(&pEntry->PTK[16], KEYDATA,
1363 CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyDataLen),
1364 pMsg->KeyDesc.KeyData);
1365 }
1366 else
1367 {
1368 INT i;
1369 UCHAR Key[32];
1370 // Decrypt TKIP GTK
1371 // Construct 32 bytes RC4 Key
1372 NdisMoveMemory(Key, pMsg->KeyDesc.KeyIv, 16);
1373 NdisMoveMemory(&Key[16], &pEntry->PTK[16], 16);
1374 ARCFOUR_INIT(&pAd->PrivateInfo.WEPCONTEXT, Key, 32);
1375 //discard first 256 bytes
1376 for(i = 0; i < 256; i++)
1377 ARCFOUR_BYTE(&pAd->PrivateInfo.WEPCONTEXT);
1378 // Decrypt GTK. Becareful, there is no ICV to check the result is correct or not
1379 ARCFOUR_DECRYPT(&pAd->PrivateInfo.WEPCONTEXT, KEYDATA,
1380 pMsg->KeyDesc.KeyData,
1381 CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyDataLen));
1382 }
1383
1384 if (!bWPA2 && (MsgType == EAPOL_GROUP_MSG_1))
1385 GroupKeyIndex = EapolKeyInfo.KeyIndex;
1386
1387 }
1388 else if ((MsgType == EAPOL_PAIR_MSG_2) || (MsgType == EAPOL_PAIR_MSG_3 && !bWPA2))
1389 {
1390 NdisMoveMemory(KEYDATA, pMsg->KeyDesc.KeyData, CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyDataLen));
1391 }
1392 else
1393 {
1394
1395 return TRUE;
1396 }
1397
1398 // Parse Key Data field to
1399 // 1. verify RSN IE for pairwise_msg_2_WPA1(WPA2) ,pairwise_msg_3_WPA1(WPA2)
1400 // 2. verify KDE format for pairwise_msg_3_WPA2, group_msg_1_WPA2
1401 // 3. update shared key for pairwise_msg_3_WPA2, group_msg_1_WPA1(WPA2)
1402 if (!RTMPParseEapolKeyData(pAd, KEYDATA,
1403 CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyDataLen),
1404 GroupKeyIndex, MsgType, bWPA2, pEntry))
1405 {
1406 return FALSE;
1407 }
1408 }
1409
1410 return TRUE;
1411
1412 }
1413
1414 #ifdef CONFIG_STA_SUPPORT
1415 #ifdef QOS_DLS_SUPPORT
1416 BOOLEAN MlmeDlsReqSanity(
1417 IN PRTMP_ADAPTER pAd,
1418 IN VOID *Msg,
1419 IN ULONG MsgLen,
1420 OUT PRT_802_11_DLS *pDLS,
1421 OUT PUSHORT pReason)
1422 {
1423 MLME_DLS_REQ_STRUCT *pInfo;
1424
1425 pInfo = (MLME_DLS_REQ_STRUCT *)Msg;
1426
1427 *pDLS = pInfo->pDLS;
1428 *pReason = pInfo->Reason;
1429
1430 return TRUE;
1431 }
1432 #endif // QOS_DLS_SUPPORT //
1433 #endif // CONFIG_STA_SUPPORT //
1434
1435 #ifdef QOS_DLS_SUPPORT
1436 BOOLEAN PeerDlsReqSanity(
1437 IN PRTMP_ADAPTER pAd,
1438 IN VOID *Msg,
1439 IN ULONG MsgLen,
1440 OUT PUCHAR pDA,
1441 OUT PUCHAR pSA,
1442 OUT USHORT *pCapabilityInfo,
1443 OUT USHORT *pDlsTimeout,
1444 OUT UCHAR *pRatesLen,
1445 OUT UCHAR Rates[],
1446 OUT UCHAR *pHtCapabilityLen,
1447 OUT HT_CAPABILITY_IE *pHtCapability)
1448 {
1449 CHAR *Ptr;
1450 PFRAME_802_11 Fr = (PFRAME_802_11)Msg;
1451 PEID_STRUCT eid_ptr;
1452
1453 // to prevent caller from using garbage output value
1454 *pCapabilityInfo = 0;
1455 *pDlsTimeout = 0;
1456 *pHtCapabilityLen = 0;
1457
1458 Ptr = (PCHAR)Fr->Octet;
1459
1460 // offset to destination MAC address (Category and Action field)
1461 Ptr += 2;
1462
1463 // get DA from payload and advance the pointer
1464 NdisMoveMemory(pDA, Ptr, MAC_ADDR_LEN);
1465 Ptr += MAC_ADDR_LEN;
1466
1467 // get SA from payload and advance the pointer
1468 NdisMoveMemory(pSA, Ptr, MAC_ADDR_LEN);
1469 Ptr += MAC_ADDR_LEN;
1470
1471 // get capability info from payload and advance the pointer
1472 NdisMoveMemory(pCapabilityInfo, Ptr, 2);
1473 Ptr += 2;
1474
1475 // get capability info from payload and advance the pointer
1476 NdisMoveMemory(pDlsTimeout, Ptr, 2);
1477 Ptr += 2;
1478
1479 // Category and Action field + DA + SA + capability + Timeout
1480 eid_ptr = (PEID_STRUCT) &Fr->Octet[18];
1481
1482 while (((UCHAR*)eid_ptr + eid_ptr->Len + 1) < ((UCHAR*)Fr + MsgLen))
1483 {
1484 switch(eid_ptr->Eid)
1485 {
1486 case IE_SUPP_RATES:
1487 if ((eid_ptr->Len <= MAX_LEN_OF_SUPPORTED_RATES) && (eid_ptr->Len > 0))
1488 {
1489 NdisMoveMemory(Rates, eid_ptr->Octet, eid_ptr->Len);
1490 DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsReqSanity - IE_SUPP_RATES., Len=%d. Rates[0]=%x\n",eid_ptr->Len, Rates[0]));
1491 DBGPRINT(RT_DEBUG_TRACE, ("Rates[1]=%x %x %x %x %x %x %x\n", Rates[1], Rates[2], Rates[3], Rates[4], Rates[5], Rates[6], Rates[7]));
1492 *pRatesLen = eid_ptr->Len;
1493 }
1494 else
1495 {
1496 *pRatesLen = 8;
1497 Rates[0] = 0x82;
1498 Rates[1] = 0x84;
1499 Rates[2] = 0x8b;
1500 Rates[3] = 0x96;
1501 Rates[4] = 0x12;
1502 Rates[5] = 0x24;
1503 Rates[6] = 0x48;
1504 Rates[7] = 0x6c;
1505 DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsReqSanity - wrong IE_SUPP_RATES., Len=%d\n",eid_ptr->Len));
1506 }
1507 break;
1508
1509 case IE_EXT_SUPP_RATES:
1510 if (eid_ptr->Len + *pRatesLen <= MAX_LEN_OF_SUPPORTED_RATES)
1511 {
1512 NdisMoveMemory(&Rates[*pRatesLen], eid_ptr->Octet, eid_ptr->Len);
1513 *pRatesLen = (*pRatesLen) + eid_ptr->Len;
1514 }
1515 else
1516 {
1517 NdisMoveMemory(&Rates[*pRatesLen], eid_ptr->Octet, MAX_LEN_OF_SUPPORTED_RATES - (*pRatesLen));
1518 *pRatesLen = MAX_LEN_OF_SUPPORTED_RATES;
1519 }
1520 break;
1521
1522 case IE_HT_CAP:
1523 if (eid_ptr->Len >= sizeof(HT_CAPABILITY_IE))
1524 {
1525 NdisMoveMemory(pHtCapability, eid_ptr->Octet, sizeof(HT_CAPABILITY_IE));
1526
1527 *(USHORT *)(&pHtCapability->HtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->HtCapInfo));
1528 #ifdef UNALIGNMENT_SUPPORT
1529 {
1530 EXT_HT_CAP_INFO extHtCapInfo;
1531
1532 NdisMoveMemory((PUCHAR)(&extHtCapInfo), (PUCHAR)(&pHtCapability->ExtHtCapInfo), sizeof(EXT_HT_CAP_INFO));
1533 *(USHORT *)(&extHtCapInfo) = cpu2le16(*(USHORT *)(&extHtCapInfo));
1534 NdisMoveMemory((PUCHAR)(&pHtCapability->ExtHtCapInfo), (PUCHAR)(&extHtCapInfo), sizeof(EXT_HT_CAP_INFO));
1535 }
1536 #else
1537 *(USHORT *)(&pHtCapability->ExtHtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->ExtHtCapInfo));
1538 #endif // UNALIGNMENT_SUPPORT //
1539 *pHtCapabilityLen = sizeof(HT_CAPABILITY_IE);
1540
1541 DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsReqSanity - IE_HT_CAP\n"));
1542 }
1543 else
1544 {
1545 DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsReqSanity - wrong IE_HT_CAP.eid_ptr->Len = %d\n", eid_ptr->Len));
1546 }
1547 break;
1548
1549 default:
1550 break;
1551 }
1552
1553 eid_ptr = (PEID_STRUCT)((UCHAR*)eid_ptr + 2 + eid_ptr->Len);
1554 }
1555
1556 return TRUE;
1557 }
1558
1559 BOOLEAN PeerDlsRspSanity(
1560 IN PRTMP_ADAPTER pAd,
1561 IN VOID *Msg,
1562 IN ULONG MsgLen,
1563 OUT PUCHAR pDA,
1564 OUT PUCHAR pSA,
1565 OUT USHORT *pCapabilityInfo,
1566 OUT USHORT *pStatus,
1567 OUT UCHAR *pRatesLen,
1568 OUT UCHAR Rates[],
1569 OUT UCHAR *pHtCapabilityLen,
1570 OUT HT_CAPABILITY_IE *pHtCapability)
1571 {
1572 CHAR *Ptr;
1573 PFRAME_802_11 Fr = (PFRAME_802_11)Msg;
1574 PEID_STRUCT eid_ptr;
1575
1576 // to prevent caller from using garbage output value
1577 *pStatus = 0;
1578 *pCapabilityInfo = 0;
1579 *pHtCapabilityLen = 0;
1580
1581 Ptr = (PCHAR)Fr->Octet;
1582
1583 // offset to destination MAC address (Category and Action field)
1584 Ptr += 2;
1585
1586 // get status code from payload and advance the pointer
1587 NdisMoveMemory(pStatus, Ptr, 2);
1588 Ptr += 2;
1589
1590 // get DA from payload and advance the pointer
1591 NdisMoveMemory(pDA, Ptr, MAC_ADDR_LEN);
1592 Ptr += MAC_ADDR_LEN;
1593
1594 // get SA from payload and advance the pointer
1595 NdisMoveMemory(pSA, Ptr, MAC_ADDR_LEN);
1596 Ptr += MAC_ADDR_LEN;
1597
1598 if (pStatus == 0)
1599 {
1600 // get capability info from payload and advance the pointer
1601 NdisMoveMemory(pCapabilityInfo, Ptr, 2);
1602 Ptr += 2;
1603 }
1604
1605 // Category and Action field + status code + DA + SA + capability
1606 eid_ptr = (PEID_STRUCT) &Fr->Octet[18];
1607
1608 while (((UCHAR*)eid_ptr + eid_ptr->Len + 1) < ((UCHAR*)Fr + MsgLen))
1609 {
1610 switch(eid_ptr->Eid)
1611 {
1612 case IE_SUPP_RATES:
1613 if ((eid_ptr->Len <= MAX_LEN_OF_SUPPORTED_RATES) && (eid_ptr->Len > 0))
1614 {
1615 NdisMoveMemory(Rates, eid_ptr->Octet, eid_ptr->Len);
1616 DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsRspSanity - IE_SUPP_RATES., Len=%d. Rates[0]=%x\n",eid_ptr->Len, Rates[0]));
1617 DBGPRINT(RT_DEBUG_TRACE, ("Rates[1]=%x %x %x %x %x %x %x\n", Rates[1], Rates[2], Rates[3], Rates[4], Rates[5], Rates[6], Rates[7]));
1618 *pRatesLen = eid_ptr->Len;
1619 }
1620 else
1621 {
1622 *pRatesLen = 8;
1623 Rates[0] = 0x82;
1624 Rates[1] = 0x84;
1625 Rates[2] = 0x8b;
1626 Rates[3] = 0x96;
1627 Rates[4] = 0x12;
1628 Rates[5] = 0x24;
1629 Rates[6] = 0x48;
1630 Rates[7] = 0x6c;
1631 DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsRspSanity - wrong IE_SUPP_RATES., Len=%d\n",eid_ptr->Len));
1632 }
1633 break;
1634
1635 case IE_EXT_SUPP_RATES:
1636 if (eid_ptr->Len + *pRatesLen <= MAX_LEN_OF_SUPPORTED_RATES)
1637 {
1638 NdisMoveMemory(&Rates[*pRatesLen], eid_ptr->Octet, eid_ptr->Len);
1639 *pRatesLen = (*pRatesLen) + eid_ptr->Len;
1640 }
1641 else
1642 {
1643 NdisMoveMemory(&Rates[*pRatesLen], eid_ptr->Octet, MAX_LEN_OF_SUPPORTED_RATES - (*pRatesLen));
1644 *pRatesLen = MAX_LEN_OF_SUPPORTED_RATES;
1645 }
1646 break;
1647
1648 case IE_HT_CAP:
1649 if (eid_ptr->Len >= sizeof(HT_CAPABILITY_IE))
1650 {
1651 NdisMoveMemory(pHtCapability, eid_ptr->Octet, sizeof(HT_CAPABILITY_IE));
1652
1653 *(USHORT *)(&pHtCapability->HtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->HtCapInfo));
1654 #ifdef UNALIGNMENT_SUPPORT
1655 {
1656 EXT_HT_CAP_INFO extHtCapInfo;
1657
1658 NdisMoveMemory((PUCHAR)(&extHtCapInfo), (PUCHAR)(&pHtCapability->ExtHtCapInfo), sizeof(EXT_HT_CAP_INFO));
1659 *(USHORT *)(&extHtCapInfo) = cpu2le16(*(USHORT *)(&extHtCapInfo));
1660 NdisMoveMemory((PUCHAR)(&pHtCapability->ExtHtCapInfo), (PUCHAR)(&extHtCapInfo), sizeof(EXT_HT_CAP_INFO));
1661 }
1662 #else
1663 *(USHORT *)(&pHtCapability->ExtHtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->ExtHtCapInfo));
1664 #endif // UNALIGNMENT_SUPPORT //
1665 *pHtCapabilityLen = sizeof(HT_CAPABILITY_IE);
1666
1667 DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsRspSanity - IE_HT_CAP\n"));
1668 }
1669 else
1670 {
1671 DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsRspSanity - wrong IE_HT_CAP.eid_ptr->Len = %d\n", eid_ptr->Len));
1672 }
1673 break;
1674
1675 default:
1676 break;
1677 }
1678
1679 eid_ptr = (PEID_STRUCT)((UCHAR*)eid_ptr + 2 + eid_ptr->Len);
1680 }
1681
1682 return TRUE;
1683 }
1684
1685 BOOLEAN PeerDlsTearDownSanity(
1686 IN PRTMP_ADAPTER pAd,
1687 IN VOID *Msg,
1688 IN ULONG MsgLen,
1689 OUT PUCHAR pDA,
1690 OUT PUCHAR pSA,
1691 OUT USHORT *pReason)
1692 {
1693 CHAR *Ptr;
1694 PFRAME_802_11 Fr = (PFRAME_802_11)Msg;
1695
1696 // to prevent caller from using garbage output value
1697 *pReason = 0;
1698
1699 Ptr = (PCHAR)Fr->Octet;
1700
1701 // offset to destination MAC address (Category and Action field)
1702 Ptr += 2;
1703
1704 // get DA from payload and advance the pointer
1705 NdisMoveMemory(pDA, Ptr, MAC_ADDR_LEN);
1706 Ptr += MAC_ADDR_LEN;
1707
1708 // get SA from payload and advance the pointer
1709 NdisMoveMemory(pSA, Ptr, MAC_ADDR_LEN);
1710 Ptr += MAC_ADDR_LEN;
1711
1712 // get reason code from payload and advance the pointer
1713 NdisMoveMemory(pReason, Ptr, 2);
1714 Ptr += 2;
1715
1716 return TRUE;
1717 }
1718 #endif // QOS_DLS_SUPPORT //
kernel-based virtual machine